CN107181760A - A kind of distributed nearly threat source attack blocking-up method and its device - Google Patents


Publication number
CN107181760A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710549113.0A
Other languages
Chinese (zh)
Inventor
陆月明
陈小雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205 Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service

Abstract

The invention discloses a distributed near-threat-source attack blocking method and device, belonging to the field of cyberspace security technology. The device comprises a linked protection control module and an attack blocking execution module; the linked protection control module is deployed in the protection system of the network, and the attack blocking execution module is deployed in each security gateway of the network. The method receives the attack type and attack path sent by the attack detection side, determines the execution security gateway according to the deployment of security gateways, and blocks the network attack at the execution security gateway. The execution security gateway is computed from the security gateway set and the attack path. Selecting the security gateway nearest the threat source as the execution security gateway reduces the network resources consumed by the attack, prevents attack traffic from flowing through the network to the greatest extent, and improves the efficiency of traffic in the network.

Description

A kind of distributed nearly threat source attack blocking-up method and its device
Technical field
The present invention relates to a distributed near-threat-source attack blocking method and device applied to network information security assurance, and belongs to the field of cyberspace security technology.
Background art
Network attacks on today's Internet are increasingly numerous. They not only bring servers down but also consume large amounts of network resources, reduce effective traffic, and lower network availability. Traditional defence strategies usually place a firewall or security gateway near the attacked party (near the victim), for example at the entrance of a data centre, to block incoming network attacks. This can block a large number of attacks, including distributed denial-of-service (DDoS) attacks, and protects the servers of the data centre. However, this defence strategy cannot prevent attack traffic from consuming network resources: attack traffic is left free to occupy network resources outside the firewall.
With improvements in network structure, the proposal of next-generation Internet architectures, the improvement of 5G network security, and the determination of overall plans for integrated networks, network information security assurance strategies no longer take the form of security patches on the network. Instead they are integrated into the network itself, as an important component of the network or even as modules of network equipment, including but not limited to modules for authentication, signatures, and attack detection on network terminals.
On the other hand, with the collection and aggregation of network information security data, the advancement of security-oriented data mining and analysis technology, and the deployment of network information security situation analysis systems, many network attack detection methods are no longer limited to single-point analysis at the firewall. They have been deployed on sensors throughout the network and on offline traffic analysis and data mining servers, making the analysis of network attacks more detailed and complete.
Summary of the invention
The present invention proposes a distributed near-threat-source attack blocking method and device, providing a means of blocking network attacks for a network security environment. The invention receives the attack type and attack path sent by the attack detection side and, according to the deployment of security gateways, determines the security gateway that executes near-threat-source attack blocking, referred to as the execution security gateway. The network attack is blocked at the execution security gateway.
The distributed near-threat-source attack blocking device provided by the invention comprises a linked protection control module and an attack blocking execution module. The linked protection control module is deployed in the protection system of the network, and the attack blocking execution module is deployed in each security gateway in the network. The linked protection control module receives attack path and attack type information from the network, computes the execution security gateway that supports near-threat-source attack blocking, distributes attack blocking instructions to the attack blocking execution module, and obtains the execution results. The attack blocking execution module receives the attack blocking instruction, controls the execution security gateway to carry it out, and feeds the execution result back to the linked protection control module.
The linked protection control module also performs attack blocking control effect evaluation and exception handling: it evaluates the effect according to the execution results fed back by the attack blocking execution module and, for instructions that were not blocked successfully, submits alarm information to the protection system.
The distributed near-threat-source attack blocking method provided by the invention comprises:
(1) the security gateway set is configured in the linked protection control module;
(2) the linked protection control module receives and decomposes the attack information, obtaining the attack path and attack type;
(3) for each estimated path, the linked protection control module determines the execution security gateway that supports near-threat-source attack blocking;
(4) the linked protection module sends the blocking instruction to the execution security gateway, and aggregates and collects the blocking instruction feedback;
(5) the attack blocking execution module in the execution security gateway executes the blocking instruction, producing the blocking action;
(6) the attack blocking execution module analyses the blocking effect performance indicators, obtains the execution effect, and sends it to the linked protection control module;
(7) the linked protection control module aggregates the execution effects, evaluates the execution results, and alerts the protection system for blocking instructions that failed to execute.
The advantages and positive effects of the invention are: (1) The invention configures security gateway information, so the number of security gateways across the whole network is known and attack blocking policies can be deployed selectively. (2) The invention computes the execution security gateway, which can be calculated from the security gateway set and the attack path. (3) The invention can reduce the network resources consumed by an attack: choosing the security gateway nearest the threat source as the execution security gateway prevents attack traffic from flowing through the network to the greatest extent, reduces attack traffic, and improves the efficiency of traffic in the network.
Brief description of the drawings
Fig. 1 is a schematic diagram of the module deployment in the distributed near-threat-source attack blocking device provided by the invention;
Fig. 2 is a schematic diagram of how the distributed near-threat-source attack blocking device and method provided by the invention implement the blocking mechanism.
Detailed description of the embodiments
The present invention is described in further detail below with reference to the drawings and embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The distributed near-threat-source attack blocking device of the invention comprises a linked protection control module and an attack blocking execution module, as shown in Fig. 1. The linked protection control module is deployed in the protection system of the network and can be used by multiple protection systems at the same time. The attack blocking execution module is deployed in the security gateways of the network, including but not limited to secure access gateways, internetworking security gateways, and firewalls, and can be used by many security gateways or by multiple classes of security gateway. The linked protection control module controls the execution of the attack blocking execution modules and can control multiple execution security gateways to perform attack blocking in the same period. Systems such as network attack detection, network security situation analysis, and offline network traffic analysis detect the network and push the relevant information, including attacks, to the linked protection control module.
As shown in Fig. 2, the linked protection control module implements: attack path and attack type information reception and information decomposition; computation of the execution security gateway supporting near-threat-source attack blocking; attack blocking control effect evaluation and exception handling; attack blocking instruction distribution and result aggregation; and the linked protection interactive communication protocol. The attack blocking execution module implements: blocking instruction reception and result feedback; execution of attack blocking instructions on the execution security gateway; and blocking effect performance index analysis. The linked protection interactive communication protocol handles communication between the linked protection control module and the outside: receiving attack information, sending attack blocking instructions, and so on.
Within the linked protection control module, the core is attack blocking control effect evaluation and exception handling. It uses attack path and attack type information reception and information decomposition to process external attack information, uses the computation of the execution security gateway supporting near-threat-source attack blocking to determine the execution security gateway, and finally uses attack blocking instruction distribution and result aggregation to issue instructions and obtain results. Within the attack blocking execution module, the core is blocking instruction reception and result feedback. It uses the execution of attack blocking instructions on the execution security gateway to control traffic, and uses blocking effect performance index analysis to monitor the execution effect.
The distributed near-threat-source attack blocking implemented by the invention applies in particular to distributed denial-of-service attacks, where there are multiple estimated paths: each attack path is obtained, the execution security gateway on each path is computed, and the attack blocking instruction is executed. The invention adds an attack blocking execution module to each security gateway.
In the present invention, the computation of the execution security gateway that supports near-threat-source attack blocking is implemented as follows:
Suppose that one attack path along which host $r_{k1}$ attacks host $r_{kn}$ is
$P_k = \{r_{k1}, r_{k2}, \ldots, r_{ki}, \ldots, r_{k(n-1)}, r_{kn}\}$, $i = 1, 2, \ldots, n$, $k, n \in \mathbb{N}$, where $\mathbb{N}$ denotes the positive integers.
The attack path $P_k$ is a directed n-tuple representing the k-th path attacking $r_{kn}$, and $r_{ki}$ is the i-th node that attack path $P_k$ passes through. A node is any device at the network layer or above that can forward packets; it may be a host, a router, a security gateway, and so on.
Suppose the set of security gateways in the network is
$F = \{f_1, f_2, \ldots, f_j, \ldots, f_m\}$, $j = 1, 2, \ldots, m$, $m \in \mathbb{N}$.
$f_j$ denotes the j-th security gateway. A security gateway is an independent node in the network. The necessary and sufficient condition for a security gateway to be able to block the traffic of attack path $P_k$ is
$r_{ks}$ and $r_{kd}$ denote the s-th node and the d-th node on attack path $P_k$, and $DN(r_{ks}, r_{kd})$ denotes the set of security gateways between the two nodes $r_{ks}$ and $r_{kd}$. If the above condition does not hold, that is, if there is no security gateway on the attack path, the attack cannot be blocked. $\{r_{ki}\}$ denotes the set of nodes on attack path $P_k$ from $r_{ks}$ to $r_{kd}$, and ∩ denotes set intersection. Nodes can be described by IP address, in which case taking the intersection means finding identical IP addresses.
Suppose $DN(r_{ks}, r_{kd}) = \{f_i \mid i \in \{1, 2, \ldots, n\}\}$. Under the near-threat-source attack blocking mechanism of the invention, an execution security gateway $f_t$ is selected as the deployment point of the protection policy, to block the network protocol flow attack from node $r_{ks}$ to node $r_{kd}$ on path $P_k$. The security gateway closest to the threat source is chosen as the execution security gateway. The selection method is:
1. Set the initial index value $i = 1$;
2. Choose a node $r_{ki}$ in order on path $P_k$ and form the set $F_t = \{r_{ki}\}$;
3. Compute $DN(r_{ks}, r_{kd}) \cap F_t$;
4. If the intersection is empty, set $i = i + 1$ and go to step 2;
5. If the intersection is not empty, choose $r_{ki}$ as the execution security gateway. $r_{ki}$ then satisfies the following condition:
The above process shows that nodes are chosen in order along the attack path until the execution security gateway is found, so the selected security gateway is the one nearest the threat source.
The implementation process of the distributed near-threat-source attack blocking method provided by the invention comprises:
1. The security gateway set $F = \{f_1, f_2, \ldots, f_j, \ldots, f_m\}$ is configured in the linked protection control module, as the basis for selecting the execution security gateway.
2. The linked protection control module receives and decomposes the attack information, obtaining the "attack path" and "attack type" data.
3. For each attack path, the linked protection control module determines the execution security gateway on that path that supports near-threat-source attack blocking.
4. The linked protection control module controls the execution of attack blocking: it sends the blocking instruction to the security gateway, and aggregates and collects the blocking instruction feedback.
5. The attack blocking execution module in the execution security gateway executes the blocking instruction, producing the blocking action.
6. The attack blocking execution module analyses the blocking effect performance indicators and obtains the execution effect.
7. The linked protection control module aggregates the execution effects, evaluates the execution results, and alerts the protection system for blocking instructions that failed to execute.
Embodiment
(1) The linked protection module performs the attack path and attack type information reception and information decomposition of the "distributed near-threat-source attack blocking mechanism". The attack information received is:
The IP address of the attacker's host is 100.100.100.10, abbreviated as 100100100010; the victim host address is 200.200.200.20, abbreviated as 200200200020; the attack type is DDoS (distributed denial of service), and the 10th attack path is:
$P_{10}$ = {100100100010, 100100100020, 100100100030, 100100100040, 100100100050, 100100100060, 100100100070, 100100100080, 100100100090, 200200200010, 200200200020}
Attack path $P_{10}$ is a directed 11-tuple.
(2) The security gateway set is configured in the linked protection module:
$F$ = {200200200010, 100100090020, 100100100030, 100100080060, 100100100060, 100100060030, 200200200050}
A security gateway is an independent node in the network and occupies the position of one node on a path.
(3) The linked protection module performs the computation of the execution security gateway supporting near-threat-source attack blocking of the "distributed near-threat-source attack blocking mechanism", specifically:
The necessary and sufficient condition for a security gateway to be able to block attack path $P_{10}$ is evaluated:
$DN(100100100010, 200200200020) = F \cap P_{10}$
= {200200200010, 100100100030, 100100100060}
Since this set is not empty, the condition for blocking the attack is satisfied. There are currently three security gateways ($|DN(100100100010, 200200200020)| = 3$) that can block the attack. To save resources and improve performance, only one of them needs to be selected as the execution security gateway. The selection process is as follows:
1. Select, in order, the 1st security gateway on path $P_{10}$ to form the set $F_t$ = {100100100020}.
2. Compute the intersection of $F_t$ and $DN$; the condition is not satisfied.
3. Select, in order, the 2nd security gateway on path $P_{10}$ to form the set $F_t$ = {100100100030}.
4. Compute $F_t \cap DN$ = {100100100030}; it is not empty, so the condition for blocking the attack is satisfied.
5. Security gateway 100.100.100.30 is chosen as the execution security gateway, that is, the security gateway closest to the attacker, and the attack blocking instruction is sent to this execution security gateway.
(4) The linked protection module performs the attack blocking control of the "distributed near-threat-source attack blocking mechanism", specifically:
An instruction to block the information flow of path $P_{10}$ is sent to security gateway 100.100.100.30.
(5) The attack blocking execution module performs the execution security gateway attack blocking instruction execution of the "distributed near-threat-source attack blocking mechanism", specifically:
The information flow of path $P_{10}$ is blocked.
(6) The attack blocking execution module performs the blocking effect performance index analysis of the "distributed near-threat-source attack blocking mechanism", specifically:
It analyses, at the exit of the execution security gateway, whether the information flow of $P_{10}$ has been blocked; the analysis result is "$P_{10}$ information flow blocked".
(7) The linked protection module performs the execution result evaluation of the "distributed near-threat-source attack blocking mechanism", specifically:
It receives and aggregates the blocking execution results, including the "$P_{10}$ information flow blocked" information. For instructions that were not blocked successfully, alarm information is submitted to the protection system.
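The execution security gateway selection described in the detailed description and worked through in the embodiment above, as an added Python example that is not code from the patent. It uses the embodiment's F and P10 written as dotted-quad addresses and goes beyond the single path by adding two constructed paths; the function names, the reporting of gateway-free paths, and the rule that an unacknowledged instruction counts as failed are assumptions.

```python
from collections import defaultdict
from typing import Dict, FrozenSet, List, Mapping, Optional, Sequence, Tuple

# Security gateway set F from the embodiment, written as dotted quads.
F: FrozenSet[str] = frozenset({
    "200.200.200.10", "100.100.90.20", "100.100.100.30", "100.100.80.60",
    "100.100.100.60", "100.100.60.30", "200.200.200.50",
})

# Attack paths ordered from attacker to victim. Path 10 is the embodiment's P10;
# paths 11 and 12 are constructed here to show the multi-path (DDoS) case.
PATHS: Dict[int, Tuple[str, ...]] = {
    10: ("100.100.100.10", "100.100.100.20", "100.100.100.30", "100.100.100.40",
         "100.100.100.50", "100.100.100.60", "100.100.100.70", "100.100.100.80",
         "100.100.100.90", "200.200.200.10", "200.200.200.20"),
    11: ("100.100.60.10", "100.100.60.30", "100.100.100.60",
         "200.200.200.10", "200.200.200.20"),
    12: ("100.100.70.10", "100.100.70.20", "200.200.200.20"),  # no gateway on path
}


def gateways_on_path(path: Sequence[str], gateways: FrozenSet[str]) -> Tuple[str, ...]:
    """DN for one path: the configured gateways it traverses, nearest the source first."""
    return tuple(node for node in path if node in gateways)


def select_executor(path: Sequence[str], gateways: FrozenSet[str]) -> Optional[str]:
    """Walk the path from the threat source and return the first node that is in DN."""
    dn = set(gateways_on_path(path, gateways))
    if not dn:                 # blocking condition fails: no gateway on this path
        return None
    for node in path:          # i = 1, 2, ... in path order
        f_t = {node}           # F_t = {r_ki}
        if f_t & dn:           # first non-empty intersection ends the search
            return node
    return None


def plan_blocking(paths: Mapping[int, Sequence[str]],
                  gateways: FrozenSet[str]) -> Tuple[Dict[str, List[int]], List[int]]:
    """Return (instructions, unblockable): gateway -> path ids to block there,
    plus the ids of paths that cross no configured gateway (assumed to be reported)."""
    instructions: Dict[str, List[int]] = defaultdict(list)
    unblockable: List[int] = []
    for path_id, path in sorted(paths.items()):
        executor = select_executor(path, gateways)
        if executor is None:
            unblockable.append(path_id)
        else:
            instructions[executor].append(path_id)
    return dict(instructions), unblockable


def judge_results(instructions: Mapping[str, Sequence[int]],
                  feedback: Mapping[Tuple[str, int], bool]) -> List[int]:
    """Path ids to alert on: blocking reported as failed, or never acknowledged
    (treating missing feedback as failure is an assumption of this example)."""
    failed = [path_id
              for gateway, path_ids in instructions.items()
              for path_id in path_ids
              if not feedback.get((gateway, path_id), False)]
    return sorted(failed)


if __name__ == "__main__":
    instructions, unblockable = plan_blocking(PATHS, F)
    for gateway, path_ids in instructions.items():
        print(f"send blocking instruction for paths {path_ids} to {gateway}")
    print("paths with no security gateway:", unblockable)
    # Constructed feedback: only the gateway on path 10 confirmed the block.
    feedback = {("100.100.100.30", 10): True}
    print("alert protection system for paths:", judge_results(instructions, feedback))
```
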

Claims (6)

1. A distributed near-threat-source attack blocking device, characterized in that it comprises a linked protection control module and an attack blocking execution module, the linked protection control module being deployed in the protection system of the network and the attack blocking execution module being deployed in the security gateways of the network;
the linked protection control module receives attack path and attack type information from the network, computes the execution security gateway that supports near-threat-source attack blocking, distributes attack blocking instructions to the attack blocking execution module, and obtains the execution results;
the attack blocking execution module receives the attack blocking instruction, controls the execution security gateway to execute the attack blocking instruction, and feeds the execution result back to the linked protection control module.
2. The device according to claim 1, characterized in that the linked protection control module is configured with a security gateway set; when computing the execution security gateway that supports near-threat-source attack blocking, set intersection operations are used, and the order of selection follows the order in which security gateways appear in the attack path, specifically:
first, it is determined whether there is a security gateway on the attack path; if so, there is a security gateway set DN. Nodes are chosen in order from the attack path and each is checked for an intersection with DN; when there is an intersection, the currently selected node is taken as the execution security gateway.
3. The device according to claim 1, characterized in that the linked protection control module further comprises attack blocking control effect evaluation and exception handling: it evaluates the effect according to the execution results fed back by the attack blocking execution module and, for instructions that were not blocked successfully, submits alarm information to the protection system.
4. The device according to claim 1, characterized in that the attack blocking execution module further comprises blocking effect performance index analysis, which analyses, at the exit of the execution security gateway, whether the information flow of the current attack path has been blocked.
5. The device according to claims 1 to 4, characterized in that the linked protection control module can control multiple execution security gateways at the same time, and can be used by multiple protection systems at the same time.
6. A distributed near-threat-source attack blocking method implemented on the basis of the device of any one of claims 1 to 4, characterized in that it comprises the following steps:
(1) the security gateway set is configured in the linked protection control module;
(2) the linked protection control module receives and decomposes the attack information, obtaining the attack path and attack type;
(3) for each estimated path, the linked protection control module determines the execution security gateway that supports near-threat-source attack blocking;
(4) the linked protection module sends the blocking instruction to the execution security gateway, and aggregates and collects the blocking instruction feedback;
(5) the attack blocking execution module in the execution security gateway executes the blocking instruction, producing the blocking action;
(6) the attack blocking execution module analyses the blocking effect performance indicators, obtains the execution effect, and sends it to the linked protection control module;
(7) the linked protection control module aggregates the execution effects, evaluates the execution results, and alerts the protection system for blocking instructions that failed to execute.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710549113.0A CN107181760A (en) 2017-07-07 2017-07-07 A kind of distributed nearly threat source attack blocking-up method and its device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170919